Merge pull request #46815 from nextcloud/refactor/provisioning_api/se…

…curity-attributes refactor(provisioning_api): Replace security annotations with respective attributes
nextcloud · Jul 28, 2024 · 57385a4 · 57385a4
2 parents 69a203d + b51e432
commit 57385a4
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 79 deletions.
diff --git a/apps/provisioning_api/lib/Controller/AppConfigController.php b/apps/provisioning_api/lib/Controller/AppConfigController.php
@@ -11,6 +11,8 @@
 use OC\AppConfig;
 use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\IAppConfig;
@@ -93,9 +95,7 @@ public function getValue(string $app, string $key, string $defaultValue = ''): D
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
 	 * @NoSubAdminRequired
-	 * @NoAdminRequired
 	 *
 	 * Update the config value of an app
 	 *
@@ -107,6 +107,8 @@ public function getValue(string $app, string $key, string $defaultValue = ''): D
 	 * 200: Value updated successfully
 	 * 403: App or key is not allowed
 	 */
+	#[PasswordConfirmationRequired]
+	#[NoAdminRequired]
 	public function setValue(string $app, string $key, string $value): DataResponse {
 		$user = $this->userSession->getUser();
 		if ($user === null) {
@@ -130,8 +132,6 @@ public function setValue(string $app, string $key, string $value): DataResponse
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
-	 *
 	 * Delete a config key of an app
 	 *
 	 * @param string $app ID of the app
@@ -141,6 +141,7 @@ public function setValue(string $app, string $key, string $value): DataResponse
 	 * 200: Key deleted successfully
 	 * 403: App or key is not allowed
 	 */
+	#[PasswordConfirmationRequired]
 	public function deleteKey(string $app, string $key): DataResponse {
 		try {
 			$this->verifyAppId($app);

diff --git a/apps/provisioning_api/lib/Controller/AppsController.php b/apps/provisioning_api/lib/Controller/AppsController.php
@@ -12,6 +12,7 @@
 use OCP\App\AppPathNotFoundException;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCSController;
@@ -84,8 +85,6 @@ public function getAppInfo(string $app): DataResponse {
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
-	 *
 	 * Enable an app
 	 *
 	 * @param string $app ID of the app
@@ -94,6 +93,7 @@ public function getAppInfo(string $app): DataResponse {
 	 *
 	 * 200: App enabled successfully
 	 */
+	#[PasswordConfirmationRequired]
 	public function enable(string $app): DataResponse {
 		try {
 			$this->appManager->enableApp($app);
@@ -104,15 +104,14 @@ public function enable(string $app): DataResponse {
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
-	 *
 	 * Disable an app
 	 *
 	 * @param string $app ID of the app
 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
 	 *
 	 * 200: App disabled successfully
 	 */
+	#[PasswordConfirmationRequired]
 	public function disable(string $app): DataResponse {
 		$this->appManager->disableApp($app);
 		return new DataResponse();

diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php
@@ -9,10 +9,13 @@
 namespace OCA\Provisioning_API\Controller;
 
 use OCA\Provisioning_API\ResponseDefinitions;
+use OCA\Settings\Settings\Admin\Sharing;
 use OCA\Settings\Settings\Admin\Users;
 use OCP\Accounts\IAccountManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -60,8 +63,6 @@ public function __construct(string $appName,
 	}
 
 	/**
-	 * @NoAdminRequired
-	 *
 	 * Get a list of groups
 	 *
 	 * @param string $search Text to search for
@@ -71,6 +72,7 @@ public function __construct(string $appName,
 	 *
 	 * 200: Groups returned
 	 */
+	#[NoAdminRequired]
 	public function getGroups(string $search = '', ?int $limit = null, int $offset = 0): DataResponse {
 		$groups = $this->groupManager->search($search, $limit, $offset);
 		$groups = array_map(function ($group) {
@@ -82,9 +84,6 @@ public function getGroups(string $search = '', ?int $limit = null, int $offset =
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @AuthorizedAdminSetting(settings=OCA\Settings\Settings\Admin\Sharing)
-	 *
 	 * Get a list of groups details
 	 *
 	 * @param string $search Text to search for
@@ -94,6 +93,8 @@ public function getGroups(string $search = '', ?int $limit = null, int $offset =
 	 *
 	 * 200: Groups details returned
 	 */
+	#[NoAdminRequired]
+	#[AuthorizedAdminSetting(settings: Sharing::class)]
 	public function getGroupsDetails(string $search = '', ?int $limit = null, int $offset = 0): DataResponse {
 		$groups = $this->groupManager->search($search, $limit, $offset);
 		$groups = array_map(function ($group) {
@@ -112,8 +113,6 @@ public function getGroupsDetails(string $search = '', ?int $limit = null, int $o
 	}
 
 	/**
-	 * @NoAdminRequired
-	 *
 	 * Get a list of users in the specified group
 	 *
 	 * @param string $groupId ID of the group
@@ -124,13 +123,12 @@ public function getGroupsDetails(string $search = '', ?int $limit = null, int $o
 	 *
 	 * 200: Group users returned
 	 */
+	#[NoAdminRequired]
 	public function getGroup(string $groupId): DataResponse {
 		return $this->getGroupUsers($groupId);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 *
 	 * Get a list of users in the specified group
 	 *
 	 * @param string $groupId ID of the group
@@ -141,6 +139,7 @@ public function getGroup(string $groupId): DataResponse {
 	 *
 	 * 200: User IDs returned
 	 */
+	#[NoAdminRequired]
 	public function getGroupUsers(string $groupId): DataResponse {
 		$groupId = urldecode($groupId);
 
@@ -173,8 +172,6 @@ public function getGroupUsers(string $groupId): DataResponse {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 *
 	 * Get a list of users details in the specified group
 	 *
 	 * @param string $groupId ID of the group
@@ -187,6 +184,7 @@ public function getGroupUsers(string $groupId): DataResponse {
 	 *
 	 * 200: Group users details returned
 	 */
+	#[NoAdminRequired]
 	public function getGroupUsersDetails(string $groupId, string $search = '', ?int $limit = null, int $offset = 0): DataResponse {
 		$groupId = urldecode($groupId);
 		$currentUser = $this->userSession->getUser();
@@ -231,8 +229,6 @@ public function getGroupUsersDetails(string $groupId, string $search = '', ?int
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
-	 *
 	 * Create a new group
 	 *
 	 * @param string $groupid ID of the group
@@ -243,6 +239,7 @@ public function getGroupUsersDetails(string $groupId, string $search = '', ?int
 	 * 200: Group created successfully
 	 */
 	#[AuthorizedAdminSetting(settings:Users::class)]
+	#[PasswordConfirmationRequired]
 	public function addGroup(string $groupid, string $displayname = ''): DataResponse {
 		// Validate name
 		if (empty($groupid)) {
@@ -264,8 +261,6 @@ public function addGroup(string $groupid, string $displayname = ''): DataRespons
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
-	 *
 	 * Update a group
 	 *
 	 * @param string $groupId ID of the group
@@ -277,6 +272,7 @@ public function addGroup(string $groupid, string $displayname = ''): DataRespons
 	 * 200: Group updated successfully
 	 */
 	#[AuthorizedAdminSetting(settings:Users::class)]
+	#[PasswordConfirmationRequired]
 	public function updateGroup(string $groupId, string $key, string $value): DataResponse {
 		$groupId = urldecode($groupId);
 
@@ -296,8 +292,6 @@ public function updateGroup(string $groupId, string $key, string $value): DataRe
 	}
 
 	/**
-	 * @PasswordConfirmationRequired
-	 *
 	 * Delete a group
 	 *
 	 * @param string $groupId ID of the group
@@ -307,6 +301,7 @@ public function updateGroup(string $groupId, string $key, string $value): DataRe
 	 * 200: Group deleted successfully
 	 */
 	#[AuthorizedAdminSetting(settings:Users::class)]
+	#[PasswordConfirmationRequired]
 	public function deleteGroup(string $groupId): DataResponse {
 		$groupId = urldecode($groupId);
 

diff --git a/apps/provisioning_api/lib/Controller/PreferencesController.php b/apps/provisioning_api/lib/Controller/PreferencesController.php
@@ -10,6 +10,7 @@
 namespace OCA\Provisioning_API\Controller;
 
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\Config\BeforePreferenceDeletedEvent;
@@ -39,7 +40,6 @@ public function __construct(
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 *
 	 * Update multiple preference values of an app
@@ -52,6 +52,7 @@ public function __construct(
 	 * 200: Preferences updated successfully
 	 * 400: Preference invalid
 	 */
+	#[NoAdminRequired]
 	public function setMultiplePreferences(string $appId, array $configs): DataResponse {
 		$userId = $this->userSession->getUser()->getUID();
 
@@ -84,7 +85,6 @@ public function setMultiplePreferences(string $appId, array $configs): DataRespo
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 *
 	 * Update a preference value of an app
@@ -97,6 +97,7 @@ public function setMultiplePreferences(string $appId, array $configs): DataRespo
 	 * 200: Preference updated successfully
 	 * 400: Preference invalid
 	 */
+	#[NoAdminRequired]
 	public function setPreference(string $appId, string $configKey, string $configValue): DataResponse {
 		$userId = $this->userSession->getUser()->getUID();
 
@@ -125,7 +126,6 @@ public function setPreference(string $appId, string $configKey, string $configVa
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 *
 	 * Delete multiple preferences for an app
@@ -137,6 +137,7 @@ public function setPreference(string $appId, string $configKey, string $configVa
 	 * 200: Preferences deleted successfully
 	 * 400: Preference invalid
 	 */
+	#[NoAdminRequired]
 	public function deleteMultiplePreference(string $appId, array $configKeys): DataResponse {
 		$userId = $this->userSession->getUser()->getUID();
 
@@ -167,7 +168,6 @@ public function deleteMultiplePreference(string $appId, array $configKeys): Data
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 *
 	 * Delete a preference for an app
@@ -179,6 +179,7 @@ public function deleteMultiplePreference(string $appId, array $configKeys): Data
 	 * 200: Preference deleted successfully
 	 * 400: Preference invalid
 	 */
+	#[NoAdminRequired]
 	public function deletePreference(string $appId, string $configKey): DataResponse {
 		$userId = $this->userSession->getUser()->getUID();